Identity management solutions then apply these rules to determine who can or can’t access or manipulate a resource.

Traditionally, identity and access management has been implemented either by using directory services or by building a custom solution inside an application’s backend.

Hierarchical directory structures, however, can’t cope with the complex dependency structures found in multi-party distributed supply chains. And custom solutions that use non-graph databases to store identity and access data become slow and unresponsive as their datasets grow in size.

This week, we’ll take a closer look at identity and access management (IAM).

The Key Challenges in Identity & Access Management:

Today’s enterprise data professionals face greater challenges than ever before when it comes to storing and managing user identities and authorization. Not only must data architects deal with user access fraud, but they also must manage all of these changing relationships in real time. Here are some of their biggest challenges:

Highly interconnected identity and access permissions data

To verify an accurate identity and its access permissions, the system needs to traverse through a highly interconnected dataset that is growing in size and complexity.

Why Use a Graph Database for Storing Identity and Access Data?

A graph database's richly and variably structured data model supports both hierarchical and non-hierarchical structures, while its extensible property model allows for capturing rich metadata regarding every element in the system.

With a query engine that can traverse millions of relationships per second, graph database access lookups over large, complex structures execute in milliseconds, not minutes or hours.

Which resources – company structures, products, services, agreements and end users – can a particular administrator manage? (Top-down)

Given a particular resource, who can modify its access settings? (Bottom-up)

Which resource can an end-user access?
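
The three lookups above, written as traversals over a small in-memory graph. This is an added example, not code from the original article, Neo4j or Telenor. The node names, the relationship types (MEMBER_OF, ALLOWED, CHILD_OF, WORKS_FOR, HAS_ACCOUNT) and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample graph: (source, relationship, target) triples.
EDGES = [
    ("alice", "MEMBER_OF", "group_ops"), ("bob", "MEMBER_OF", "group_retail"),
    ("group_ops", "ALLOWED", "acme"), ("group_retail", "ALLOWED", "acme_retail"),
    ("acme_retail", "CHILD_OF", "acme"), ("acme_labs", "CHILD_OF", "acme"),
    ("store_12", "CHILD_OF", "acme_retail"),
    ("store_12", "CHILD_OF", "franchise_north"),  # second parent: not a pure tree
    ("carol", "WORKS_FOR", "store_12"), ("dave", "WORKS_FOR", "acme_labs"),
    ("carol", "HAS_ACCOUNT", "mobile_1"), ("dave", "HAS_ACCOUNT", "vpn_7"),
]

# Index every edge in both directions so either end can start a traversal.
OUT, IN = defaultdict(set), defaultdict(set)
for src, rel, dst in EDGES:
    OUT[(src, rel)].add(dst)
    IN[(dst, rel)].add(src)

def closure(starts, index, rel):
    """All nodes reachable from starts over zero or more rel edges."""
    seen, stack = set(starts), list(starts)
    while stack:
        for nxt in index[(stack.pop(), rel)] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return seen

def managed_resources(admin):
    """Top-down: accounts under any company the admin's groups are allowed on."""
    granted = {c for g in OUT[(admin, "MEMBER_OF")] for c in OUT[(g, "ALLOWED")]}
    companies = closure(granted, IN, "CHILD_OF")  # descend to sub-companies
    employees = {e for c in companies for e in IN[(c, "WORKS_FOR")]}
    return {a for e in employees for a in OUT[(e, "HAS_ACCOUNT")]}

def admins_for(resource):
    """Bottom-up: admins whose grants cover a company above the resource."""
    owners = IN[(resource, "HAS_ACCOUNT")]
    employers = {c for e in owners for c in OUT[(e, "WORKS_FOR")]}
    companies = closure(employers, OUT, "CHILD_OF")  # climb to every ancestor
    groups = {g for c in companies for g in IN[(c, "ALLOWED")]}
    return {a for g in groups for a in IN[(g, "MEMBER_OF")]}

def accessible_to(user):
    """End user: only the accounts attached directly to that user."""
    return set(OUT[(user, "HAS_ACCOUNT")])
```

The bottom-up query is the one an access review relies on: `admins_for("mobile_1")` returns both admins, because `store_12` inherits grants through more than one ancestor.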

Access control and authorization solutions powered by graph databases are particularly applicable in the areas of content management, federated authorization services, social networking preferences and software as a service (SaaS) offerings – where they realize minutes-to-milliseconds increases in performance over their relational database predecessors.

Example: Telenor Norway

Telenor Norway is an international communications services company. For several years, it has offered its largest business customers the ability to self-service their accounts.

Using a browser-based application, administrators within each of these customer organizations can add and remove services on behalf of their employees.

To ensure users and administrators see and change only those parts of the organization and the services they are entitled to manage, the application employs a complex identity and access management system which assigns privileges to millions of users across tens of millions of product and service instances.

Due to performance and responsiveness issues, Telenor decided to replace its existing IAM system with a graph database solution.

Their original system used a relational database, which used recursive JOINs to model complex organizational structures and product hierarchies. Because of the join-intensive model, their most important queries were unacceptably slow.

In contrast, once they implemented a graph database solution, Telenor realized the performance, scalability and adaptiveness necessary for handling their identity and access management needs, reducing queries that once took many minutes to milliseconds.

About the Author

Jim Webber & Ian Robinson,
Chief Scientist & Senior Engineer

Jim Webber is Chief Scientist at Neo Technology working on next-generation solutions for massively scaling graph data. Prior to joining Neo Technology, Jim was a Professional Services Director with ThoughtWorks where he worked on large-scale computing systems in finance and telecoms. Jim has a Ph.D. in Computing Science from the Newcastle University, UK.

Ian Robinson is a Senior Engineer at Neo Technology. He is a co-author of ‘REST in Practice’ (O’Reilly) and a contributor to the forthcoming books ‘REST: From Research to Practice’ (Springer) and ‘Service Design Patterns’ (Addison-Wesley). He presents at conferences worldwide on the big Web graph of REST, and the awesome graph capabilities of Neo4j.

1 Comment

Every enterprise needs a concrete identity and access management, because it is very important for resources to be used by only those people who are given authority to access them. Such identity and access management systems increase data security too.
